HIPAA: Health Insurance Portability and Accountability Act of 1996
- Provided a stable source of federal funding for fraud and abuse control in health care
- Title I: Designed to protect health insurance coverage for workers and their families when they change or lose their job
- Title II: Administrative Simplification – Defines national standards to protect the privacy of Americans’ personal health records and is intended to increase efficiency of operations
Title II: Administrative Simplification
Purpose: To prevent the inappropriate use and disclosure of an individual’s health information, and require organizations which use health information to protect that information and the systems which store, transmit, and process it; and to increase the efficiency of operations through standardization.
Principles:
- Consumer control: the right to see, correct, obtain documentation of health information disclosures
- Accountability: civil and criminal penalties for violations of privacy standards
- Public responsibility: balance privacy with support for public health, medical research, and prevention of fraud
- Boundaries: use individually identifiable health information (IIHI) for health purposes only
- Security: standards to protect privacy, to monitor the system, and to inform
HIPAA and the University of Iowa
Section |
Description |
Effective Date |
UI Status |
Electronic Health Transactions Standards |
Standardize format & transmission of health transactions |
October 2003 + |
Extensions filed for all applicable UI units |
Unique Health Identifier Standards |
Standardize identifier numbers for providers, employers, patients, & plans |
Not Finalized |
|
Security & Electronic Signature Standards |
Reasonable and appropriate safeguards for health related information that is housed and/or transmitted electronically and that pertains to an individual Uniform format & use of electronic signatures, if employed |
April 2005
Not Finalized |
HIPAA Security Policies: -Information Security Policy -Institutional Data Access Policy -Roles and Responsibilities for Information Security -Backup and Recovery Policy |
Privacy & Confidentiality Standards |
Uniform protection for an individual’s right to privacy of their health information |
April 2003 |
-Privacy Statements -UIHC Privacy Policies -UI Privacy Officer appointed |